[ANNOUNCE] Security releases and advisory issued (1.7.6 and 1.8b2)

2015-03-09 Thread Tim Graham
Today the Django team issued multiple releases -- Django 1.7.6 and 1.8b2 -- 
as part of our security process. These releases address a publicly reported 
security issue, and we encourage all users to upgrade as soon as possible.

More details can be found on our blog:

https://www.djangoproject.com/weblog/2015/mar/09/security-releases/

As a reminder, we ask that potential security issues be reported via 
private email to secur...@djangoproject.com, and not via Django's Trac 
instance or the django-developers list. Please see 
https://www.djangoproject.com/security for further information.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/bacc812a-5289-4cf1-be2b-9e87b5f13244%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ANNOUNCE] Security releases and advisory issued (1.7.6 and 1.8b2)

2015-03-09 Thread Francis Devereux
Hi,

On 9 Mar 2015, at 16:01, Tim Graham wrote:
> 
> Today the Django team issued multiple releases -- Django 1.7.6 and 1.8b2 -- 
> as part of our security process. These releases address a publicly reported 
> security issue, and we encourage all users to upgrade as soon as possible.

Thanks for these fixes.

Is Django 1.6.x vulnerable to these issues?

Francis



Re: [ANNOUNCE] Security releases and advisory issued (1.7.6 and 1.8b2)

2015-03-09 Thread Markus Holtermann
Hey Francis,

With respect to the ModelAdmin.readonly_fields: no, the vulnerability was 
introduced in 1.7.

With respect to the advisory: yes, all projects that make use of the template 
filters in Python code and rely on Django 1.0 to 1.8b1 (inclusive) are 
vulnerable.

Best,

/Markus

On Monday, March 9, 2015 at 5:24:57 PM UTC+1, Francis Devereux wrote:
>
> Hi, 
>
> On 9 Mar 2015, at 16:01, Tim Graham wrote:
> >
> > Today the Django team issued multiple releases -- Django 1.7.6 and 1.8b2 --
> > as part of our security process. These releases address a publicly reported
> > security issue, and we encourage all users to upgrade as soon as possible.
>
> Thanks for these fixes. 
>
> Is Django 1.6.x vulnerable to these issues?
>
> Francis 
>
>
